diff --git a/2014/9xxx/CVE-2014-9187.json b/2014/9xxx/CVE-2014-9187.json
index 57b043a1f3d..5ef1963059c 100644
--- a/2014/9xxx/CVE-2014-9187.json
+++ b/2014/9xxx/CVE-2014-9187.json
@@ -1,17 +1,67 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2014-9187",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-9187",
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Honeywell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Experion PKS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "R40x prior to R400.6"
+ },
+ {
+ "version_value": "R41x prior to R410.6"
+ },
+ {
+ "version_value": "R43x prior to R430.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Heap-based buffer overflow CWE-122"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version."
 }
 ]
 }
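Review bot: The three `version_data` entries for Experion PKS put a whole range into free text (`"version_value": "R40x prior to R400.6"`), so tooling that compares `version_value` with an installed release cannot evaluate them. The CVE-2018-6703 record in this diff expresses a range as `"version_affected": "<", "version_name": "5.x", "version_value": "5.6.0"`; the same shape here would be `"version_affected": "<", "version_name": "R40x", "version_value": "R400.6"`, and likewise for R410.6 and R430.2. The CVE-2014-9189 hunk carries the identical entries. The description also abbreviates the product as "EKPS", which looks like a transposition of EPKS (Experion PKS) and is worth confirming against the referenced ICS-CERT advisory.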
diff --git a/2014/9xxx/CVE-2014-9189.json b/2014/9xxx/CVE-2014-9189.json
index 3c74a011c25..58676729168 100644
--- a/2014/9xxx/CVE-2014-9189.json
+++ b/2014/9xxx/CVE-2014-9189.json
@@ -1,17 +1,67 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2014-9189",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-9189",
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Honeywell",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Experion PKS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "R40x prior to R400.6"
+ },
+ {
+ "version_value": "R41x prior to R410.6"
+ },
+ {
+ "version_value": "R43x prior to R430.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Stack-based buffer overflow CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-01"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version."
 }
 ]
 }
diff --git a/2018/1000xxx/CVE-2018-1000061.json b/2018/1000xxx/CVE-2018-1000061.json
index 4c363c9fe80..372796bdca8 100644
--- a/2018/1000xxx/CVE-2018-1000061.json
+++ b/2018/1000xxx/CVE-2018-1000061.json
@@ -1,63 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "DATE_ASSIGNED": "2/7/2018 9:24:38",
- "ID": "CVE-2018-1000061",
- "REQUESTER": "paul.sokolovsky+cve@linaro.org",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-1000061",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "ARM mbedTLS version development branch, 2.7.0 and earlier contains a CWE-670, Incorrect condition control flow leading to incorrect return, leading to data loss vulnerability in ssl_write_real(), library/ssl_tls.c:7142 that can result in Leads to data loss, can be escalated to DoS and authorization bypass in application protocols. This attack appear to be exploitable via network connectivity."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "name": "https://github.com/ARMmbed/mbedtls/issues/1356",
- "refsource": "CONFIRM",
- "url": "https://github.com/ARMmbed/mbedtls/issues/1356"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6703.json b/2018/6xxx/CVE-2018-6703.json
index 3694e346770..bb143959f66 100644
--- a/2018/6xxx/CVE-2018-6703.json
+++ b/2018/6xxx/CVE-2018-6703.json
@@ -1,93 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@mcafee.com", - "ID": "CVE-2018-6703", - "STATE": "PUBLIC", - "TITLE": "Remote Logging functionality had a use after free vulnerability in McAfee Agent" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "McAfee Agent", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "5.x", - "version_value": "5.6.0" - } - ] - } - } - ] - }, - "vendor_name": "McAfee, LLC" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service." - } - ] - }, - "generator": { - "engine": "Vulnogram 0.0.5" - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "ID": "CVE-2018-6703", + "STATE": "PUBLIC", + "TITLE": "Remote Logging functionality had a use after free vulnerability in McAfee Agent" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "McAfee Agent", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.x", + "version_value": 
"5.6.0" + } + ] + } + } + ] + }, + "vendor_name": "McAfee, LLC" + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10258", - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10258" - } - ] - }, - "source": { - "discovery": "UNKNOWN" - }, - "work_around": [ - { - "lang": "eng", - "value": "Remote logging is disabled by default. Turning off remote logging protects against this issue." - } - ] -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.5" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10258", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10258" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "Remote logging is disabled by default. Turning off remote logging protects against this issue." 
+ }
+ ]
+}
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10044.json b/2019/10xxx/CVE-2019-10044.json
new file mode 100644
index 00000000000..70fa76408e1
--- /dev/null
+++ b/2019/10xxx/CVE-2019-10044.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-10044",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt",
+ "refsource": "MISC",
+ "name": "https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10045.json b/2019/10xxx/CVE-2019-10045.json
new file mode 100644
index 00000000000..f9afdb7d74b
--- /dev/null
+++ b/2019/10xxx/CVE-2019-10045.json
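Review bot: The only reference in the new CVE-2019-10044 record is `https://github.com/blazeinfosec/advisories/blob/master/telegram-advisory.txt`, a branch URL whose content can be edited or removed after publication, so a reader cannot be sure of seeing the text the record was based on. A commit-pinned permalink of the form `.../blob/<commit-sha>/telegram-advisory.txt` would fix that evidence in place. The CVE-2019-9970 hunk later in this diff moves the other way: it drops the pinned `blob/c70c90bc7f8d82d4d20c42260770cbdeec834623/signal-advisory.txt` entry in favour of `blob/master/signal-advisory.txt`. Keeping the pinned entry alongside the new one would retain the immutable copy.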
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-10045",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10046.json b/2019/10xxx/CVE-2019-10046.json
new file mode 100644
index 00000000000..eb7ccf91dad
--- /dev/null
+++ b/2019/10xxx/CVE-2019-10046.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-10046",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10047.json b/2019/10xxx/CVE-2019-10047.json
new file mode 100644
index 00000000000..dd7cf27a2ad
--- /dev/null
+++ b/2019/10xxx/CVE-2019-10047.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-10047",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10048.json b/2019/10xxx/CVE-2019-10048.json
new file mode 100644
index 00000000000..95c2a556e9e
--- /dev/null
+++ b/2019/10xxx/CVE-2019-10048.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-10048",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10049.json b/2019/10xxx/CVE-2019-10049.json
new file mode 100644
index 00000000000..2a2fe8f3c47
--- /dev/null
+++ b/2019/10xxx/CVE-2019-10049.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-10049",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7148.json b/2019/7xxx/CVE-2019-7148.json
index 5f95ba5af50..b941e239481 100644
--- a/2019/7xxx/CVE-2019-7148.json
+++ b/2019/7xxx/CVE-2019-7148.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception."
+ "value": "**DISPUTED** An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a \"warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens.\""
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9970.json b/2019/9xxx/CVE-2019-9970.json
index 5ff3b284405..3deaaec3055 100644
--- a/2019/9xxx/CVE-2019-9970.json
+++ b/2019/9xxx/CVE-2019-9970.json
@@ -52,15 +52,15 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://github.com/blazeinfosec/advisories/blob/c70c90bc7f8d82d4d20c42260770cbdeec834623/signal-advisory.txt",
- "refsource": "MISC",
- "name": "https://github.com/blazeinfosec/advisories/blob/c70c90bc7f8d82d4d20c42260770cbdeec834623/signal-advisory.txt"
- },
 {
 "refsource": "BID",
 "name": "107550",
 "url": "http://www.securityfocus.com/bid/107550"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt",
+ "url": "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt"
 }
 ]
 }
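Review bot: The added CVE-2019-7148 description opens with `**DISPUTED**` written without spaces, while the other status markers in this diff are written `** RESERVED **` and `** REJECT **`. Tooling that filters disputed entries by matching the spaced form would presumably miss this record and treat it as an undisputed remote denial of service. Starting the value with `** DISPUTED ** An attempted excessive memory allocation` would keep the marker consistent with the others. The enclosing `description` object begins outside this hunk.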